Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!beartrk!ceilidh!dnichols From: dnichols@ceilidh.beartrack.com (DoN Nichols) Newsgroups: comp.sys.3b1 Subject: Re: Failure of iswind() Message-ID: <1991May25.040152.8151@ceilidh.beartrack.com> Date: 25 May 91 04:01:52 GMT References: <1991May24.203238.7990@sci.ccny.cuny.edu> Organization: D and D Data, Vienna, VA. Lines: 36 In article <1991May24.203238.7990@sci.ccny.cuny.edu> jeffrey@sci.ccny.cuny.edu (Jeffrey L Bromberger) writes: >Just for fun, I tried the following command from my VAX to my >ethernet'ted 3b1: > >% rsh notvax /usr/games/klondike > >Now, considering the fact that I'm not logged in on the console, this >should fail. This game, like many others, use iswind() to see if I'm >on the bitmapped screen. The logic should stop me if I'm not. >But, it doesn't! It overwrites the console display (without regard as >to what or who is going on) with the game screen! Yep, happened to me when my wife called it up after reading news on my system. >Any idea why all these games (klondike/mahjongg/rocks/bugs) all have >this behavior? Is it only seen when using the ethernet package? Does >this happen if someone dials in via the OBM? Is iswind() just plain >drain-bamaged? Yes, it happens when logged in to a tty port. I presume that it could happen via the OBM as well. Iswind() must be quite brain-damaged. I added code to my first copy of klondike to check if /dev/tty = w? to avoid this, but that is a kluge. >Isn't this some bizarre sort of security hole?!? At least a denial-of-service one. Maybe we need to rewrite iswind(). Kep Hoping DoN. -- Donald Nichols (DoN.) | Voice (Days): (703) 664-1585 D&D Data | Voice (Eves): (703) 938-4564 Disclaimer: from here - None | Email: --- Black Holes are where God is dividing by zero ---